Re: [PATCH 2/2] Fix mcstrans secolor examples

[Stephen Smalley <sds@xxxxxxxxxxxxx>]

On 9/13/19 11:33 AM, Stephen Smalley wrote:
> On 7/31/19 1:15 AM, Chad Hanson wrote:
> > I agree the secolor configuration file is lacking consistency. From a
> > historical MLS perspective, there were two special labels in many MLS
> > systems: SystemLow and SystemHigh.  This would be "s0" (lowest
> > level/no categories)  and "s15:c0.c1023" (highest level/all
> > categories) respectively.  At these special  levels, there was
> > traditionally no other category usage.
> >
> > I concur we either do the proposed change in this patch or just change
> > the "s0:c0.c1023" lines to just "s0" (SystemLow) to be consistent with
> > the "s15:c0.c1023" (SystemHigh) range that exists currently. They will
> > both provide the desired results.
>
> I see that these two patches were never merged and still apply.  Does 
> anyone have any objection to merging them both?

Both patches applied.

> > -Chad
> >
> >
> > On Mon, Jul 29, 2019 at 5:41 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> 
> > wrote:
> > > On Tue, Jul 2, 2019 at 2:09 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
> > > > According to "check_dominance" function:
> > > > Range defined as "s15:c0.c1023" does not dominate any other range than
> > > >   "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
> > > > While range defined as "s15-s15:c0.c1023" dominates all of the above.
> > > >
> > > > This is either a bug, or "s15:c0.c1023" should not be used in the
> > > > examples.
> > >
> > > Hello,
> > > I am not familiar with the concepts about range dominance, so I do not
> > > know whether this is a bug that should be fixed or if updating the
> > > examples is better. Can someone please review this?
> > >
> > > Cheers,
> > > Nicolas
> > >
> > > > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
> > > > ---
> > > >   libselinux/man/man5/secolor.conf.5                      | 4 ++--
> > > >   libselinux/man/ru/man5/secolor.conf.5                   | 4 ++--
> > > >   mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +-
> > > >   mcstrans/share/examples/urcsts/secolor.conf             | 2 +-
> > > >   4 files changed, 6 insertions(+), 6 deletions(-)
> > > >
> > > > diff --git a/libselinux/man/man5/secolor.conf.5 
> > > > b/libselinux/man/man5/secolor.conf.5
> > > > index b834577a..a3bf2da1 100644
> > > > --- a/libselinux/man/man5/secolor.conf.5
> > > > +++ b/libselinux/man/man5/secolor.conf.5
> > > > @@ -123,7 +123,7 @@ range s7\-s7:c0.c1023 = black red
> > > >   .br
> > > >   range s9\-s9:c0.c1023 = black orange
> > > >   .br
> > > > -range s15:c0.c1023   = black yellow
> > > > +range s15\-s15:c0.c1023   = black yellow
> > > >   .RE
> > > >
> > > >   .sp
> > > > @@ -165,7 +165,7 @@ type xguest_t     = black green
> > > >   .br
> > > >   user sysadm_u     = white black
> > > >   .br
> > > > -range s0:c0.c1023 = black white
> > > > +range s0-s0:c0.c1023 = black white
> > > >   .br
> > > >   user *            = black white
> > > >   .br
> > > > diff --git a/libselinux/man/ru/man5/secolor.conf.5 
> > > > b/libselinux/man/ru/man5/secolor.conf.5
> > > > index 4c1236ae..bcae80c1 100644
> > > > --- a/libselinux/man/ru/man5/secolor.conf.5
> > > > +++ b/libselinux/man/ru/man5/secolor.conf.5
> > > > @@ -121,7 +121,7 @@ range s7\-s7:c0.c1023 = black red
> > > >   .br
> > > >   range s9\-s9:c0.c1023 = black orange
> > > >   .br
> > > > -range s15:c0.c1023   = black yellow
> > > > +range s15\-s15:c0.c1023   = black yellow
> > > >   .RE
> > > >
> > > >   .sp
> > > > @@ -163,7 +163,7 @@ type xguest_t     = black green
> > > >   .br
> > > >   user sysadm_u     = white black
> > > >   .br
> > > > -range s0:c0.c1023 = black white
> > > > +range s0\-s0:c0.c1023 = black white
> > > >   .br
> > > >   user *            = black white
> > > >   .br
> > > > diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf 
> > > > b/mcstrans/share/examples/urcsts-via-include/secolor.conf
> > > > index d35b3c67..3b3f5430 100644
> > > > --- a/mcstrans/share/examples/urcsts-via-include/secolor.conf
> > > > +++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf
> > > > @@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
> > > >   range s5-s5:c0.c1023 = white blue
> > > >   range s7-s7:c0.c1023 = black red
> > > >   range s9-s9:c0.c1023 = black orange
> > > > -range s15:c0.c1023 = black yellow
> > > > +range s15-s15:c0.c1023 = black yellow
> > > >
> > > > diff --git a/mcstrans/share/examples/urcsts/secolor.conf 
> > > > b/mcstrans/share/examples/urcsts/secolor.conf
> > > > index d35b3c67..3b3f5430 100644
> > > > --- a/mcstrans/share/examples/urcsts/secolor.conf
> > > > +++ b/mcstrans/share/examples/urcsts/secolor.conf
> > > > @@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
> > > >   range s5-s5:c0.c1023 = white blue
> > > >   range s7-s7:c0.c1023 = black red
> > > >   range s9-s9:c0.c1023 = black orange
> > > > -range s15:c0.c1023 = black yellow
> > > > +range s15-s15:c0.c1023 = black yellow
> > > >
> > > > --
> > > > 2.17.2